Comments

greggles’s picture

Status: Active » Needs review
StatusFileSize
new5.09 KB

Attached patch
* Does this
* Renames the hook for hiding modules since we may want to hide lots of different things
* Tweaks the README.txt to keep it up to date

I plan to commit this pretty soon as this was a feature people theoretically should have expected in the module based on the project page. berdir's comment in #1 of that issue indicates we should be able to rely on php.module's existence for whether php code will execute, but I'm not sure that's always the case. And, after all, we should be paranoid about whether or not that idea works...

greggles’s picture

mgifford’s picture

Thanks @greggles. This sounds like a very useful addition.

greggles’s picture

It was a 6.x feature that was taken out of 7.x - I think there was some logic to removing it, but paranoia isn't about logic it's about belt and suspenders ;)

greggles’s picture

Status: Fixed » Needs work

Seems this needs work based on http://drupal.org/node/1505270#new

greggles’s picture

I think unsetting the variables was the wrong approach in that issue. Better would be setting the #value and #default_value to FALSE and disabling the user from changing them.

mgifford’s picture

Like the belt & suspenders reference. And ya, good to declare the value as false I figure.

greggles’s picture

Status: Needs work » Needs review
StatusFileSize
new1.39 KB

So, it seems it's not possible to set a checkboxes value to disabled so unsetting them might really be the right thing.

I'm taking to a query to delete them and then after that unsetting seems to work (but I'm keeping the query because...hey, why not).

mgifford’s picture

Is disabling a function something that should be part of D8?

greggles’s picture

After a little more research I found http://drupal.org/node/342316#comment-4732130

However, disabling the checkbox doesn't prevent someone from editing the html and making it enabled, so I think hiding it is better.

greggles’s picture

p.s. any reviews on the patch?

mgifford’s picture

StatusFileSize
new44.73 KB

Seem I can uninstall Paranoia from the modules list which is wrong. Though not sure if that's just my hacked local install throwing odd problems or not.

From Coder severity: normal Line 84: The $string argument to t() should not begin or end with a space. (Drupal Docs). But that's pretty trivial.

I think it looks good. Might make sense to have the "Disabled by paranoia module." right justified so that it's right in the list of the other checkboxes.

But ya, like the belt/suspenders approach of deleting the permissions when permissions are changed. It's one thing to remove them from the form with unset, but much more paranoid to simply delete them as you've done with the new function paranoia_permissions_submit().

greggles’s picture

Title: Prevent granting permissions flagged as dangerous from being assigned to anonymous (and authenticated?) users. » Prevent granting permissions flagged as dangerous from being assigned to anonymous (and authenticated) users.
Status: Needs review » Fixed

Seem I can uninstall Paranoia from the modules list which is wrong. Though not sure if that's just my hacked local install throwing odd problems or not.

.

I can't repeat this behavior, so please try installing a fresh copy.

I feel like making it right aligned is an improvement, but feels like it should come as a later patch.

Now committed with a fix for the space on the t. http://drupalcode.org/project/paranoia.git/commit/41a7851

mgifford’s picture

Sounds good to me.. I wonder if there's some other installed module on this page which is overriding the form alter on the modules page and allowing for this to be disabled in my install... Either way it's a new issue. I'll try to look more into it and post a new issue.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.